Originally posted by GDPurple
Thanks for the feedback.

Firstly, yes they do have firewall software. However I am trying to convince them that they would be better off with a hardware Firewall.

Secondly, I ideally wanted to set them up with a network printer i.e. a printer with a built in 10/100 port. Would it work if i put the network printer on a 192.168.x.x private IP address and then put a router between the printer and the rest of the network. Then the router can route the print jobs accross the different networks? I think this should work in theory I've just never tried this before.
The problem is that you'll need to add a route TO the 192.168.x.x network FROM their current router. If they don't own the router (their ISP probably does) the ISP probably won't want to add a private network route there. I could have a bad impact on their entire routing tables.

What I would suggest is to get yourself a PIX (or any firewall capable of doing static mappings), change all of the clients internal IPs to a 192.168.x.x network and setup static mappings in the PIX.

It works like this. Your client today has a public address of 210.10.10.25. You change the clients IP address to 192.168.1.25. You create a static mapping in the firewall that sends traffic destined for 210.10.10.25 TO 192.168.1.25. You do the same thing for all machines. Then you create an access list to allow traffic in. So traffic comes into the firewall on the external port. Based on static mappings and access lists, it is forwarded to a 192.168.x.x address. You can also narrow this down to the port level for more security. Just find out which ports the stock software uses and add it to an access list.

If it's a PIX the static map looks like this:

static (inside,outside) 210.10.10.25 192.168.1.25 netmask 255.255.255.255 0 0

the access list looks like this:

access-list 101 permit tcp any host 210.10.10.10 eq 500

where 500 is equal to the port your stock software uses.